1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cstddef>
17 #include <cstdint>
18 #include <string>
19 #include <unistd.h>
20 #include <unordered_map>
21 #include <fuzzer/FuzzedDataProvider.h>
22
23 #include "dm_transport.h"
24 #include "dm_transport_fuzzer.h"
25 #include "dm_comm_tool.h"
26
27
28 namespace OHOS {
29 namespace DistributedHardware {
30
31 std::shared_ptr<DMCommTool> dmCommToolPtr_ = std::make_shared<DMCommTool>();
32 std::shared_ptr<DMTransport> dmTransPortPtr_ = std::make_shared<DMTransport>(dmCommToolPtr_);
33
34
DmTransPortFuzzTest(const uint8_t * data,size_t size)35 void DmTransPortFuzzTest(const uint8_t* data, size_t size)
36 {
37 if ((data == nullptr) || (size < sizeof(int32_t))) {
38 return;
39 }
40 FuzzedDataProvider fdp(data, size);
41 int32_t socketId = fdp.ConsumeIntegral<int32_t>();
42 std::string rmtNetworkId(reinterpret_cast<const char*>(data), size);
43 std::string dmPkgName(reinterpret_cast<const char*>(data), size);
44 std::string peerSocketName(reinterpret_cast<const char*>(data), size);
45 PeerSocketInfo info = {
46 .name = const_cast<char*>(peerSocketName.c_str()),
47 .networkId = const_cast<char*>(rmtNetworkId.c_str()),
48 .pkgName = const_cast<char*>(dmPkgName.c_str()),
49 .dataType = DATA_TYPE_BYTES
50 };
51 dmTransPortPtr_->OnSocketOpened(socketId, info);
52 dmTransPortPtr_->OnSocketOpened(socketId, info);
53 ShutdownReason reason = ShutdownReason::SHUTDOWN_REASON_LNN_CHANGED;
54 dmTransPortPtr_->OnSocketClosed(socketId, reason);
55
56 void *dataInfo = nullptr;
57 uint32_t dataLen = 0;
58 dmTransPortPtr_->OnBytesReceived(socketId, dataInfo, dataLen);
59
60 std::string dataStr(reinterpret_cast<const char*>(data), size);
61 dataInfo = reinterpret_cast<void*>(dataStr.data());
62 dataLen = static_cast<uint32_t>(dataStr.length());
63 dmTransPortPtr_->OnBytesReceived(socketId, dataInfo, dataLen);
64
65 std::string payload(reinterpret_cast<const char*>(data), size);
66 dmTransPortPtr_->HandleReceiveMessage(socketId, payload);
67
68 payload = "";
69 dmTransPortPtr_->HandleReceiveMessage(socketId, payload);
70 }
71
DmTransPortFirstFuzzTest(const uint8_t * data,size_t size)72 void DmTransPortFirstFuzzTest(const uint8_t* data, size_t size)
73 {
74 if ((data == nullptr) || (size < sizeof(int32_t))) {
75 return;
76 }
77
78 const char* jsonString = R"({
79 "MsgType": "0",
80 "userId": "12345",
81 "accountId": "a******3",
82 "peerUdids": ["u******1", "u******2"],
83 "peerUdid": "p******d",
84 "accountName": "t******t",
85 "syncUserIdFlag": 1,
86 "userIds": [
87 {"type": 1, "userId": 111},
88 {"type": 0, "userId": 222}
89 ]
90 })";
91
92 std::string payload(jsonString);
93 FuzzedDataProvider fdp(data, size);
94 int32_t socketId = fdp.ConsumeIntegral<int32_t>();
95 std::string rmtNetworkId(reinterpret_cast<const char*>(data), size);
96 std::string dmPkgName(reinterpret_cast<const char*>(data), size);
97 std::string peerSocketName(reinterpret_cast<const char*>(data), size);
98 PeerSocketInfo info = {
99 .name = const_cast<char*>(peerSocketName.c_str()),
100 .networkId = const_cast<char*>(rmtNetworkId.c_str()),
101 .pkgName = const_cast<char*>(dmPkgName.c_str()),
102 .dataType = DATA_TYPE_BYTES
103 };
104 dmTransPortPtr_->OnSocketOpened(socketId, info);
105 dmTransPortPtr_->HandleReceiveMessage(socketId, payload);
106 dmTransPortPtr_->CreateClientSocket(rmtNetworkId);
107 dmTransPortPtr_->IsDeviceSessionOpened(rmtNetworkId, socketId);
108 dmTransPortPtr_->StartSocket(rmtNetworkId, socketId);
109 dmTransPortPtr_->StopSocket(rmtNetworkId);
110 dmTransPortPtr_->Send(rmtNetworkId, payload, socketId);
111 rmtNetworkId = "";
112 dmTransPortPtr_->CreateClientSocket(rmtNetworkId);
113 dmTransPortPtr_->StartSocket(rmtNetworkId, socketId);
114 dmTransPortPtr_->StopSocket(rmtNetworkId);
115 dmTransPortPtr_->Send(rmtNetworkId, payload, socketId);
116 rmtNetworkId = "rmtNetworkId";
117 dmTransPortPtr_->CreateClientSocket(rmtNetworkId);
118 dmTransPortPtr_->UnInit();
119 dmTransPortPtr_->IsDeviceSessionOpened(rmtNetworkId, socketId);
120 std::string remoteDevId(reinterpret_cast<const char*>(data), size);
121 dmTransPortPtr_->ClearDeviceSocketOpened(remoteDevId, socketId);
122 }
123 }
124 }
125
126 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)127 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
128 {
129 /* Run your code on data */
130 OHOS::DistributedHardware::DmTransPortFuzzTest(data, size);
131 OHOS::DistributedHardware::DmTransPortFirstFuzzTest(data, size);
132 return 0;
133 }
134